Hacker News new | ask | show | jobs
by oconnor663 2972 days ago
If you continue to the next sentence in that man page:

> If this is of concern in your application, use getrandom(2) or /dev/random instead.

These bugs affect getrandom too.
1 comments
lihes 2971 days ago
Where is it written? Could you pin point it? I see urandom everywhere.
link
oconnor663 2971 days ago
I got it from this part, unless I'm misreading:

> Multiple callers, including sys_getrandom(..., flags=0), attempt to wait for the

> RNG to become cryptographically safe before reading from it by checking for

> crng_ready() and waiting if necessary. However, crng_ready() only checks for

> `crng_init > 0`, and `crng_init==1` does not imply that the RNG is

> cryptographically safe.

link